Lucas-Lehmer Primality Test 


D. Cortild (s4279239) and A. Villegas Sanabria (s4368908) 


University of Groningen, February 2, 2022 


Abstract—Primality testing is a rather complicated and 
computationally heavy process. For special numbers, 
such as Mersenne numbers, more specific and lighter 
methods exist. One of them is the Lucas-Lehmer pri- 
mality test, which will be discussed throughout this 
article. 


Index Terms—tLucas-Lehmer, Primality test, Prime 
numbers, Mersenne primes 


I. Introduction 


The Great Internet Mersenne Prime Search (GIMPS) is 
the result of a collaborative effort by volunteers using free 
software to find Mersenne primes. Since its foundation in 
1996 by George Woltman up until today, the project has 
discovered a total of 17 primes, most of them being the 
largest known prime at the time of their discovery. The 
largest Mersenne prime number the project has found 
is 287589933 _ 1] which was discovered in late 2018. The 
main algorithm on which the GIMPS project builds is 
the Lucas-Lehmer primality test, as it is an efficient way 
of testing for Mersenne primes, and that it can be run 
efficiently on modern binary computer architectures. 


The Lucas-Lehmer test (LLT) is a primality test for 
Mersenne numbers M, = 2? — 1, with p an odd prime. 
It relies on the following sequence (s;) en 


4 ifi=0 
at 
‘ or —2 else 


I 


The first terms of the sequence are 4, 14, 194,37634 and 
1416317954, a more exhaustive list can be found in 
sequence A003010 on OEIS. 

The LLT then states that M,, for p an odd prime, is prime 
if and only it divides s,_,. As an example, Ms = 2-1=31 
is prime since 31 divides s; = 37634 = 31- 1214. On 
the other hand, one may test computationally that so is 
not divisible by M,, = 2047, predicated by the known 
non-primality of 2047 = 23 - 89. 


The principal aim of this paper is to prove the validity, 
study the effectiveness and explore different variations of 
this test. To start, in section II, we prove several results 
about quadratic residues, which will be used throughout 
the proofs in later sections. A reader familiar with the 
notions of quadratic residues can skip this section, as it 
is mainly covering the basics. In section III we perform a 
preliminary analysis on the sequence (s;)jey and different 


Mersenne numbers. Sections IV and V are devoted to 
proving respectively the necessity and the sufficiency of 
the LLT. Throughout the last section, section VI, an 
implementation of the test and its time complexity will 
be studied. 


II. Quadratic Residues 


Throughout the proof of the validity of the Lucas-Lehmer 
Test, we will use different results about perfect squares 
modulo p, or what is better known as quadratic residues 
modulo p. Although originally developed for a purely 
mathematical pleasure, they nowadays play a role in 
acoustics, cryptography, graph theory and primality test- 
ing. This section is devoted to the introduction of some 
notions and to the proofs of the claims resulting from 
them. Most knowledge exposed here is often assumed 
prior knowledge, and is included in this article for the 
sake of completeness. A reader familiar with the notion 
of quadratic residues and their results might find it useful 
to move on to section III. 


The main part of the early results in this section are 
inspired by the results in Reciprocity Laws: From Euler to 
Eisenstein by Franz Lemmermeyer ([6]) and by the works 
of O. Baumgart in Uber das Quadratische Reciprozitdtsge- 
setz ({1]). 


Definition. Let p be an odd prime number and a an 
integer. We say a is a quadratic residue modulo p if it 
is congruent to a perfect square modulo p. Else a is said 
to be a quadratic non-residue modulo p. 


In order to perform mathematical operations with 
quadratic residues, we define a mathematical symbol, 
the Legendre Symbol, which indicates whether a certain 
number is a quadratic residue modulo p or not. 


Definition. Take p an odd prime and a an integer non- 
multiple of p. The Legendre symbol is defined as follows 


(2)-{1, 


Additionally, if a is a multiple of p, we denote (¢) =0. 


if a is a quadratic residue mod p 


if a is a quadratic non-residue mod p 


One big property of the Legendre Symbol, known as 
Euler’s Criterion, is that it may be written as a closed 
formula depending on a and p only. This will simplify 
several calculations later. The result follows from the 
definition of the Legendre Symbol and Lemma 2.5 of [8]. 


D. Cortild, A. Villegas Sanabria 


Lucas-Lehmer Primality Test 


Proposition 1 (Euler’s Criterion). Let p be an odd prime 
and a an integer. Then it holds that 


(2) = oe (mod p) 
P 


Using this proposition, we may prove that the Legendre 
symbol is multiplicative with respect to the first input. 


Corollary 2. Let p be an odd prime and a, b integers. 


eh (28) (2) (8) 


Proof. By Proposition 1, 


(2) Gilg Tha (2) (2) (mod p) 
Pp Pp) \p 


Since both the left most and right most expressions are in 
{-1,0,1} and p > 3, we conclude that 


Geel’ 


Although Euler’s Criterion gives a pretty good formula 
for the Legendre symbol and heavily simplifies the com- 


putations, computation a is not always the best way to 
go, and is not always feasible. Gauss’s Lemma, presented 
next, gives a much more reliable method to compute any 
Legendre symbol. 


Lemma 3 (Gauss’s Lemma). Let p be an odd prime and a 
an integer coprime to p. Consider the half-system modulo 


P, ; 
= {1.2,....254} 
2 


And let n be the number of values k € A such that ka 


(mod p) ¢ A. Then 
(;) 0 
P 


Proof. Denote by B C A the set of elements k € A such 
that ka (mod p) ¢ A. By definition, n = | BI. 
Denote by o the map 


0: A>A, kt+tak (mod p) 


Where the + is chosen such that +ak (mod p) € A. This 
is always possible since ak is non-zero modulo p and 


={k| ke A}|J{-k | ke A} 


Also, the sign of + is uniquely defined as either ak 
(mod p) € A or —ak (mod p) € A, but not both. Also, 
observe that if k € B, then the sign is — and else the sign 
is +. 
Note that o is an injection, since, for k,r € A 

o(k) =o(r) —> tak=ar (mod p) 


—> +k=r (modp) = k=r 


Hence o is a permutation of A. 


We may thus compute the following value 


a? [= J] a 


keA keA 
= I] +o(k) 
keEA 
=(—15!" Il o(k) 
keA 
(21 Il k (mod p) 
keEA 


And hence 


As wanted. 


Gauss’s Lemma will allow us to prove more general results 
later on, but firstly we will find an easy formula for the 
quantity (2 


Corollary 4. Let p be an odd prime. Then 


if p=+l 
ifp #41 


(mod 8) 
(mod 8) 


Proof. Consider the numbers 


2,4, ...,2 |e | 2 [E].p-1 


Since p is odd, the middle values are distinct. By Gauss’s 
Lemma, we pick n to be the number of values in this 
sequence with residue modulo p in the range [p/2, p — 1]. 
These are exactly the numbers 


2/2] ,....9-1 


And thus 


We thus conclude that 


(2) =v ft 


Another consequence of Gauss’s Lemma is Eisenstein’s 
Lemma, which gives a more convenient way of expressing 
the value n and thus a simpler way of expressing the 
Legendre symbol. Although Gauss’s Lemma gave us an 
easier expression for whether a number is a quadratic 
residue or not, it is still not perfect and is rather hard 
to compute. The following lemma will simplify yet again 
that expression. 


if p=+l 
if p#+41 


(mod 8) 
(mod 8) 
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Lemma 5 (Eisenstein’s Lemma). Let p be an odd prime 
and a an integer coprime to p. Consider the value 


—1)/2 
n= > 22" 
P 


k=1 


(5) 
P 


Proof. Using Lemma 3, it is clear we need to prove the 
two definitions of n yield the same result, thus proving 
that they have the same parity. Using the notation of 
the proof of the previous lemma, we shall prove that 
k € B if and only if a is odd. Then n according to the 
definition of this statement would be of the same parity 
as |B|, the n of the previous statement, and the values of 
(—1)" would thus coincide for both values of n, concluding 
the proof. 


Then 


Observe that k € B if for some integer value a, 


ap+ > <ak <ap+p => |e | 2041 
Pp 


On the other hand, k ¢ B is for some integer value a, 


ap <ak <ap+ > => |2at| = 20 
Pp 


This conclude the proof. 


The very closed formula for (¢) given in Hisenstein’s 
Lemma allows us to prove a very important result of 
Quadratic Residues, namely the Law of Quadratic Reci- 
procity. The proof is presented via a geometric argument, 
inspired by Eisenstein’s proof presented in Eisenstein’s 
Misunderstood Geometric Proof of the Quadratic Reci- 
procity Theorem, by Reinhard C. Laubenbacher and David 
J. Pengelley ([7]). 


Theorem 6 (Law of Quadratic Reciprocity). Let p and q 
be distinct odd prime numbers. Then 


(2) (2) = (-1)0-D@-4 
qa) \p 


Proof. We shall use Eisenstein’s Lemma to prove the 
result. Indeed, translated into sums, the Law is equivalent 
to proving that 


y 2k oo 2pk| _ p-1q-1 
a 


k=l P k=l q 


(mod 2) 


We prove the result using the following diagram. The 
coordinates of the points may be read of it and one might 
observe that The line passing through A, H and B has a 
slope of q/p. 


F (0,q) J (p/2,q) B (p,q) 
L (0,q/2) 
A (0,0) K (p/2,0) D (p,0) 


Denote by Og, E, and Ty, the total number of integer 
points with odd, even or any x coordinate strictly in the 
figure A. 


Observe that no integer point (n, m) may lie on the segment 
AB strictly between A and B, since that would imply 


pm = qn => plan => pln = pal 


Contradicting that the point (”,m) is on the inside of the 
segment AB. 


Now the quantity | | represents the number of integer 
points (2k, a), where 0 < a < 2k - q/p. Since equality may 
never occur, this is the number of integer points with x 
coordinate 2k strictly inside the triangle ABD. So 


(p-L/2 gk 
ay —| = Easp 
k=l LP 


Next observe that each integer column (fixed value of x) 
has exactly gq — 1, an even number, integer points strictly 
inside the rectangle AF BD. In specific, the number of 
integer points with an even x coordinate in the rectangle 
AF BD is even. In other terms, 


EarBp =9 (mod 2) 
Since no integer points lie on AB, we thus observe that 


Earep = Eppxkun+Epuys = Espkn =Epnys (mod 2) 


Then we consider the transformation (x,y) (p—x,q-y), 
which is basically a rotation by 180° through the centre of 
the rectangle H. This transformation maps in a bijective 
manner an integer point to an integer point. Also observe 
that the triangle BHJ is mapped to the triangle AHK, 
and that an even x coordinate integer point is mapped to 
an odd x coordinate integer point. In more mathematical 
terms, this yields 


Onnkx = Epuys 


Since no integer point lies on the vertical line with x 
coordinate p/2, we learn 


Eggo = Eaux + Eppxu = Eaux + Epuys 
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= Exsuxt+Ognx =Tanx (mod 2) 


(p-1)/2 


2qk 
“| =TyyK (mod 2) 
k=l LP 


Analogously, 


(q—1/2 
2pk 
| =T,y1, (mod 2) 
k=l 
Since no points may lie on the hypotenuse of the triangle, 
this translates to 


(p-l)/2 (q-1)/2 
2qk 2pk 
|S ll eran om 
kar eB k=l q 


But the number of points strictly in that rectangle is 


p-1q-1 
2 2 


Just as wanted. 


Now that we have all the tools in hand to easily com- 
pute any Legendre symbol, we might want to determine 
whether or not 3 and 6 are quadratic residues and under 
which conditions. These two results will be the main 
building blocks of the proof of the necessity of the Lucas- 
Lehmer Test, Theorem 18. 


Lemma 7. Let p> 3 be an odd prime. Then 


ane 


Proof. Since both 3 and p are odd distinct primes, we may 
use the Law of Quadratic Reciprocity, Theorem 6, in order 


to obtain 
)= jax" 


Since the quadratic residues modulo 3 are 0 and 1, and 
that p cannot be 0 modulo 3, we know that 


if p=+l 
if peel 


(mod 12) 
(mod 12) 


(2) = 1 ifp=1 (mod 3) 
3 —1 ifp=2 (mod 3) 
And thus 

ifp=1 (mod 3) 


(3)- {a 
D (-1)"5 


Which simplifies to 


if p=2 (mod 3) 


if p=+l 
if p #41 


(mod 12) 
(mod 12) 


The computation of (5) is a direct consequence of Corol- 
laries 2 and 4 and Lemma 7. 


Lemma 8. Let p> 3 be an odd prime. Then 


Or 


Proof. Using the multiplicativity of the Legendre symbol, 


we conc ide that 


The rest follows from Corollary 4 and Lemma 7. 


if p=+1,+5 (mod 24) 
if p#+1,45 (mod 24) 


On a different note, quadratic residues may be used to 
study the number of solutions to a quadratic equation. In 
Lemmas 9 and 11 we study such equations in respectively 
one and two variables. 


Lemma 9. Let p be an odd prime and a be an integer. 
The number of solutions x € Z/pZ of 


2 


x* =a (mod p) 


is exactly 1+ (<). 

Proof. Firstly, observe that if a = 0, then the equation 
x? = 0 (mod p) has a unique solution x = 0 (mod p), so 
the formula is also verified. 


Additionally, if a is a quadratic non-residue modulo p, 
then the solution obviously has no solutions and thus the 
formula is verified. 


If a is a non-zero quadratic residue modulo p, then the 
equation has at least one solution, call it x. Notice that 
—x will also be a solution, and it is distinct from x since 


x=-x (mod p) = 2x=0 (mod p) 


Since p is odd, 2 is invertible, and thus we would have x = 
0 (mod p). This contradicts the fact that a # 0 (mod p). 
Hence, the equation has at least 2 solutions. Suppose the 
equation has a third solution y # +x (mod p). Then 


x? =a=y (mod p) 
=> p\(x- y(xt+y) 
=> y=x (modp) or y=-x (mod p) 


Both contradict the assumptions about y, so no third solu- 
tion to the equation may exist. So in this case the equation 
has exactly 2 solutions, hence verifying the formula. 


In order to extend this result to a quadratic equation in 
two variables, we first need to compute the sum of all 
Legendre symbols for a fixed p. 


Lemma 10. Let p be an odd prime. Then 


X(3)-° 
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Proof. First we prove that the number of elements a € FX 


such that () = | is exactly — Consider the map 
f: Fe Foe xe 
This map is a homomorphism since 


f(xy) = Gy)? =2x°y? = fOFO) 
By the Homomorphism Theorem (Theorem VIII.2.1 of 


[5)), 


FX/ker(f) & (RO) 


By definition of f, ker(f) is the set of solutions to x= 1 
in F 4 . By Corollary 9, this equation has exactly 2 solutions 


in F, es , as () = 1. Thus | ker(f)| = 2, and hence 


|F*| Spel 
lker(f)| 2 


Thus exactly 2 + elements of Fe are quadratic residues 
modulo p, as wanted. 


LF(EX)| = 


In other words, (¢) = 1 for exactly half of the elements 
in FX, and thus (¢) = —1 for the other half. Additionally, 
by definition, (2) = 0. Thus, we deduce 


p-l 
(2) =0 
a=1 P 


We may now relate the number of solutions to a quadratic 
equation to a function of the Legendre symbol of its 
coefficients. 


As wanted. 


Lemma 11. Let p be an odd prime and a, f € F;*. The 
number of solutions (x, y) € FE of 


ax’ + py =1 
=) 
a 


Proof. Denote by N(-) the number of solutions to the 
equation - in F,. We are looking for the quantity 


(mod p) 


is exactly p— ( 


N = N(ax? + py’ = 1) 
Observe that, by Lemma 9, 


N= N(x* =a)N(y’ = b) 
aat+pb=1 


Pac) cae) 
2G) eG 


Observe that the following map is a bijection. 


F, > {(a,6): aa+ pb = 1},a+ (a, 6 '(1 — aa)) 


By this bijection, and by Lemma 10, 


a) 


y b 
_ — 0) 
aatpb=l ce) 


So the wanted expression is, using Corollary 2, 
b 
N=p+t+ 2 (2 ) 
acer, P 
ab 
ae Fp P 


( 
ae 


P 


Analogously, 


Where we used the equality (=) = ( 
the fact that 


O(S)-)-@- 
(Berna 


Notice that a+ a~™ —a is a bijection from F* to F,\{—a}. 
Thus the wanted expression is 


B a 
(2.0) 
P ete P 


=), following from 


—1 


-+()/-(2)-2 (| 
-»-(6) (=) 
a(S | 


As wanted. 


The study of quadratic residues is of course much more 
exhaustive, but we will limit ourselves to these interesting 
results. The main results that will be used throughout the 
following sections are Lemmas 7, 8 and 11. 
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III. Preliminary Analysis 


We start by formalizing the result we want to prove under 
the form of a theorem. 


Theorem 12 (Lucas-Lehmer Primality Test). Define 
(S)ien AS Sg = 4 and s; = ae —2 for i > 1. Then, for 
an odd prime p, the Mersenne number M, := 2? — | is 
prime if and only if it divides s,_». 
One might wonder why this test is enough to test the 
primality of every Mersenne number since it is only valid 
for odd primes, but in fact most Mersenne numbers are 
trivially non-prime. 


Claim 13. If the Mersenne number M,, is prime, then p 
is prime. 


Proof. We shall prove this statement by contraposition. So 
we want to prove that p not prime implies M, not prime. 
The first case to analyse is p = 1, which in turn yields 
M, = M, = 1, which is not prime. 


Now assume that p = qr, q,r > 1, is a composite number. 
Then we know that 


M, = 2-1/2" -1=M, 


Since 1 < M, < M,, we conclude that M, is composite, 
concluding the proof. 


A Mersenne number M p can thus only be prime if p is 
prime. If additionally p is even, then p = 2, and it is 
easily verifiable. Else p is an odd prime, and Theorem 12 
applies. The test thus produces a full characterization of 
all Mersenne primes, if one disregards the case p = 2. 


The recurrence relation in Theorem 12 is not particularly 
inviting. Its non-linear nature also means that it might 
not even be solvable. Luckily, in this case it is, using a 
well-motivated initial guess. 


Lemma 14. Let sg be fixed. Suppose there exists an 
invertible real 2 x 2 matrix @ such that @+ @7! = sol, 
where I, is the 2 x 2 identity matrix. 


Then the integer recurrence relation s;,; = s? —2fori>1 
with sg fixed is solved by 


n on 
sl, =@ +o 


R2*2 


Proof. Suppose @ € is invertible and solves 


o+o'!= Sol, 


Then n = 0 clearly verifies the formula. Suppose some non- 
negative integer n does so too. Then 


Snail = (8, — 2p 


=I, -21L 

= (s,J5) - 21, 

= («" +o? ) — 21, 

=(@ +7 ) — 21, 

_ une _pntl 42 par Leah 2h 
= we gntl 


So n+ 1 also verifies the formula, and by the principle 
of mathematical induction it holds for all non-negative 
integers, and the given equation solves the recurrence. 


From this, we may directly deduce the general solution to 
the sequence (s;);e, used in Theorem 12. 


Corollary 15. The recurrence relation s;,, = s? — 2 for 
i= 1 with sp =4 is solved by 


Proof. By Lemma 14, it is sufficient to prove that @ is 
invertible and that it satisfies @ + @ | = soIy. Both are 


verified since 
a LO 
ONS. ep) NEB OD 


And 


Having a more general and suitable formula for the terms 
in the sequence (5s;);ey Will allow us to prove both direc- 
tions of Theorem 12 over the next two sections. 


IV. Sufficiency of LLT 


We formulate the sufficiency of the LLT as the first 
direction of Theorem 12 as follows 


Theorem 16 (Sufficiency of LLT). Define (s,);ex as 59 = 4 
and s; = rae —2 for i > 1. Then, for an odd prime p, if 
the Mersenne number M, := 2? — 1 divides s then it is 
prime. 


p-2) 


We shall proceed by contradiction, assuming the division 
holds without M, being prime. To reach this conclusion, 
we shall introduce a group and compute two different 
contradictory bounds for its size. 
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Claim 17. By G, we denote the set 


a-{(¢ 


With the binary multiplication -: G, x G, > G, inherited 
from the standard matrix multiplication modulo n. 


: ) €(Z/nZy*? : a*—3b7=1 (mod m} 


The set G, associated with the set operation - forms a 
group. 
Proof. Firstly, observe that the set operation - is well- 
defined and closed in G,, as 

a b\ (c d\_fact+3bd ad+be 

3b a 3d cc) \3ad+3be ac+3bd 
The later is an element of G,, as 
(ac +3bd)* —3(ad +bc)* = (a* —3b’)(c? —3d*) = 1 (mod n) 


To prove that G, is a group, it needs to verify the following 
three axioms: 


e It is associative. Indeed, the set operation is standard 
matrix multiplication modulo n, which is associative 
so the restriction to G, is so too. 

e It has an identity element. Indeed, it is easily verified 


1 0 

that I, = 01 

is an identity element to the standard matrix multi- 

plication modulo n, it also is one to the restriction to 
G,. 

e Each element has an inverse element. Indeed, if 


a b a 
& . € G,, then 34 
left inverse, and is also contained in G,. 


is an element of G,, and since it 


forms a right and 


All axioms are thus verified, which concludes that (G,, -) 
forms a group. 


Now we are ready to prove Theorem 16, the sufficiency of 
the Lucas-Lehmer Test. 


Proof. Suppose that M, has a proper prime divisor 
1 < q < M,. Notice that q # 2 since M, is odd. 
Additionally, since p is odd, M, = 2? — 1 = 1 (mod 3) so 
q # 3. 


Observe that since s,_, is a multiple of M,, there exists 
an integer k such that 
DP? —2P-? 


KM, = 5,2 => KM 1 = $p-21, = @ +@ 


= 0" ' =kM,o” - 1, 
Since M, is a multiple of q, the right-hand side is equal to 
—I, in G,, where G, is defined as in Claim 17. Hence, 
wo = —I, and o” = I, 
Notice that @ is in G,, so the order of w in G, divides 2?, 
but not 2?7!, and hence 


ord, (@) = 2? 


By Lagrange’s theorem, this means that 2? divides the 
order of G,, or in weaker terms, 


2? < ord(G,) 
On the other hand, observe that 
a — 3b? =1 


ord(G,) = #{(a,b) € Fp : (mod q)} 


However, by Lemma 9, this set has at most q+1 elements. 
Thus, we conclude that 


2 eordG,)<¢t1< 2—141=2" 


Which is obviously a contradiction. Hence, M, has no 
proper divisor, so M, is prime. 


One might notice that this proof could have been made 
easier by taking q to be the smallest proper divisor of 
M,, forcing q < 2, and altering the restriction of a 
determinant to be equal to 1 in Claim 17 to simply 
forcing a non-zero determinant. This however does not 
generalize, which is why we opted for this alternative 
proof. 


This proves that whenever the divisibility holds, the pri- 
mality holds. On a computational level, this is all we need. 
However, in order to make sure this will find all Mersenne 
primes, the divisibility is also necessary for the primality 
to hold. This is the necessity of the test, discussed in the 
next section. 


V. Necessity of LLT 
The necessity of the LLT may be formulated as the second 
direction of Theorem 12, as follows 


Theorem 18 (Necessity of LLT). Define (s,)jey as 59 = 4 
and s; = am —2 for i> 1. Then, for an odd prime p, if the 
Mersenne number M, += 2? — 1 is prime, then it divides 
Sp—2 - 

To prove this Theorem, we shall extract 2 key properties of 
a Mersenne primes, whose proof has been mainly covered 
earlier. 


Claim 19. Let p be an odd prime. Then 


Gz) == (8) 


Proof. By Lemmas 7 and 8, it is sufficient to prove that 
M,=7 (mod 12) and M,=7 (mod 24) 


Notice that the latter automatically implies the first, so 
we shall simply prove that 


M,=7 (mod 24) 


This is easily proven by induction on p, by replacing the 
assumption that p is an odd prime by the slightly stronger 
assumption that p is an odd integer > 3. 
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Claim 20. Let p be an odd prime and let A and B be 
2x2 matrices with values in F, such that AB = BA. Then 


(A+B)? = A’?+ B? (mod p) 


Proof. First notice that for 0 < k < p, we have 


(?) =0 (mod p) 


Indeed, recall the definition of the binomial coefficient 


P\ _ p! 
kk) k!-(p—b)! 


Since k,p—k < p and p is a prime, we know 
ptk! and pt(p—k)! 


But plp!, and (7) is an integer, hence 


“| (0) 


Now we shall prove the Binomial Theorem for commuting 
matrices. We claim the following formula holds 


(A+ By =>) (")a'ar 


i=0 


As stated. 


It is clearly true for n = 0, which constitutes our base case. 
Suppose it is true for some integer value n > 0. Then 


(A+ B)"t! =(A+ B)A+ B)" 


n n 
= > ee oe > Caer 
i=0 I ; I 


i=0 
n+l n+l 
— > (, n ea + > (") ater 
=o Vin] i=o \! 


So the formula also holds for n + 1, so it holds for all 
integer values of n. 


Combining the 2 previous observations thus yields that 


Pp 
(A+ BP = > (") Ai BP! = AP + BP (mod p) 
i=0 


As wanted. 


We have now armed ourselves with enough tools to prove 
Theorem 18. This proof is inspired, although largely sim- 
plified, by a similar proof by Paul Garrett in [4]. 


(2) 


Proof. Denote 


Then it is easy to check that 


@=6'o* (mod M,) 


And thus by Claim 19 


M,-1\ ~1 
=6 (6 2 ) oot! (mod M,) 


M,+1 


=-67!.6™% (mod M,) 


Now notice that 


v=(3 s)=(0 3)*6 9) 


The later two matrices commute, since the first is a 
diagonal matrix. Thus, we may apply Claim 19, Claim 20 
and Fermat’s Theorem to obtain 


Se Sl On dO Be 
= NOs3 3 0 


Ill 
Zo RT ON OLE AOR GE, ON i 


And thus 


And thus, finally, 


2P-l 2P-2 


p-2 
-I,=@ =o -@ 


(mod M » 


2p-2 


= w+ =0 (mod M,) 


= 5,7=0 (mod M,) 


As wanted originally. 


This finalizes the proof of the equivalence between the 
divisibility conditions and the primality condition of the 
Lucas-Lehmer Test (Theorem 12). 


D. Cortild, A. Villegas Sanabria 


Lucas-Lehmer Primality Test 


VI. Time Complexity 


As described throughout the sections, the Lucas-Lehmer 
Test is actually a rather simple test to execute. It merely 
consists of computing values of a sequence and testing for 
a divisibility criterion at the end. Since the recurrence is of 
order 1, it is unnecessary to store more than one previous 
value at a time, causing the test to be memory friendly 
too. The following Python script shows one possible im- 
plementation of the Lucas-Lehmer Test. 


def LLT(p): 
Mp = 2«xxp — 1 
s=4 
for i in range(p—2): 
s = (ses — 2) % Mp 
if s — 0: 
return ”PRIME” 
else: 
return ”COMPOSITE” 


One might observe that all values of the sequence (s;) are 
taken modulo M,, in the code, as it significantly reduces 
the size of the values and makes the algorithm much 
faster without adapting it too much. It also avoids the 
otherwise inevitable memory overflow problems. 


Observe that the final test for divisibility takes constant 
time with respect to p, as it only check whether the final 
value is 0 or not. Computing M, in the very start requires 
= log(p) operations, if done efficiently, by multiply-and- 
square method. Also, each step of the algorithm consists 
of 4 operations. In total, the algorithm thus runs in O(p) 
operations. 


However, it is unrealistic to consider the operation —2 to 
have the same complexity as the operation s-s, especially 
for large values of s. Instead, we will consider the number 
of bit-level operations. In these calculations, we assume 
we are working on a modern binary computer, allowing 
us to do certain tricks. This discussion is partially 
inspired, although highly remodelled, from Integer 
multiplication in time O(n log n) by David Harvey, Joris 
van der Hoeven ([3]) and from Cunningham numbers in 
modular arithmetic by E. V. Zima and A. M. Stewart ((9]). 


For starter, the number M, = 2? — | lives on p bits, in 
fact we know it is the p-bit string of all ones. Evaluating 
and storing M, thus runs in O(p) bit operations. 


Since s is always taken modulo M, we know that s lives 
on p bits. Using the naive multiplication method one is 
taught in elementary school makes the multiplication s-s 
cost O(p”) bit operations. More efficient multiplication 
algorithms exist, such as Fiirer’s Algorithm, however we 
shall restrict us to the naive approach at the time. 


Another quite heavy operation is the modulo M,. A naive 
approach would be subtracting M, until the number is 
smaller than M,. Given that s-s might be as large as M;, 
this approach might require M, subtractions, amounting 
to a total of O(pM,) = O(p2”) bit operations to simply get 
the value of s-s—2 modulo M,. A much more efficient 
way is to observe that 


a = |a/2?|+(a mod 2?) (mod 2? — 1) 
This may be seen by writing 
a=2?-B+ty, PEN,y €[0,2?—-1] 


Where f = [a@/2?| and y = (a mod 2”). 

Since s” — 2 lives on 2p bits, the first term represent the 
first p bits of s* —2, and the second term the other p bits. 
Reducing s* —2 modulo M p is thus a simple question of a 
p-bit addition. Notice that the sum might be larger than 
M,, but never larger than 2M,, so the total number of 
bit operations is O(p). 


Every iteration of the algorithm thus runs in O(p*) bit 
operations. The entire algorithm thus runs in O(p*) bit 
operations, so we may conclude the Lucas-Lehmer Test 
evaluates whether 2? — 1 is a prime in polynomial time 
O(p*) in p. 
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